0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-27 22:16:50 +01:00
nodejs/tools/msvs
Tobias Nießen 0ae8bf8dbc msi: do not create AppData\Roaming\npm
This effectively reverts e431cae7e7 due to
security concerns. The directory is being created with elevated
privileges but its path may depend on an unprivileged user's environment
variables. Creating a directory in certain sensitive locations can cause
Windows to become inoperable.

Creating AppData\Roaming\npm was an intentional addition in order to
resolve https://github.com/nodejs/node-v0.x-archive/issues/8141, which
appears to have been a common issue for users of npm. However, this was
implemented before 4cfe5eb9af, which
changed the MSI installation scope to perMachine. There were concerns
about creating the npm directory in that PR, albeit not related to
security (see https://github.com/nodejs/node-v0.x-archive/pull/25640).

Refs: https://github.com/nodejs/node-v0.x-archive/issues/8141
Refs: https://github.com/nodejs/node-v0.x-archive/pull/8838
Refs: https://github.com/nodejs/node-v0.x-archive/pull/25640
PR-URL: https://github.com/nodejs-private/node-private/pull/408
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2023-30585
2023-06-20 17:30:15 -03:00
..
install_tools
msi msi: do not create AppData\Roaming\npm 2023-06-20 17:30:15 -03:00
npm
pch
find_nasm.cmd
find_python.cmd
nodevars.bat
vswhere_usability_wrapper.cmd